In Asia, it takes a lot of faith for businesses to have their data hosted outside of their own property. Common questions business owners ask when it comes to cloud hosting are things like how their data is secured and who can see their data.
Vendors like Microsoft and Amazon can make all kinds of claims, but in the end, assurance comes in the form of a third-party certification.
The Microsoft Office 365 cloud, which hosts my company’s email (Exchange), instant messaging (Lync) and documents (SharePoint), has a few certifications under its belt.
This blog post from the product team talks about how our compliance concerns are handled professionally by Microsoft.
And if you care enough to find out more in detail, there is a landing page for this here.
But for a layman like me, what do terms like ISO 27001 and HIPAA mean for me? I found that this page explains the meaning of the certificates that Office 365 has.
Because the list doesn’t provide links back to the respective certification bodies, I provide a list here:
If you read through the details, you will notice that some compliances are industry specific, such as health care (HIPAA) and financial services (GLBA). I want to disclaim that I am not a legal professional, but the Data Processing Agreements are written in pretty straightforward English. For most customers, a Data Processing Agreement with Microsoft will generally cover the following few things.
1. Microsoft will not use your data other than to provide you the subscribed service.
2. When you quit being their customer, you can extract your data before Microsoft deletes it.
3. Microsoft will not disclose your data to anyone except by law, and not without first notifying you about the law agency’s request.
You can find a list of the Data Processing Agreements for Microsoft Online Services here.